{"id":"CVE-2018-0500","details":"Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).","aliases":["CURL-CVE-2018-0500"],"modified":"2026-03-17T05:41:33.166989Z","published":"2018-07-11T13:29:00.317Z","related":["MGASA-2018-0423","SUSE-SU-2018:2423-1","openSUSE-SU-2024:10582-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201807-04"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3710-1/"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041280"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2486"},{"type":"FIX","url":"https://curl.haxx.se/docs/adv_2018-70a2.html"},{"type":"FIX","url":"https://github.com/curl/curl/commit/ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/curl/curl","events":[{"introduced":"54b636f14546d3fde9f9c67c3b32701d78563161"},{"last_affected":"cb013830383f1ccc9757aba36bc32df5ec281c02"}],"database_specific":{"versions":[{"introduced":"7.54.1"},{"last_affected":"7.60.0"}]}}],"versions":["curl-7_54_1","curl-7_55_0","curl-7_55_1","curl-7_56_0","curl-7_56_1","curl-7_57_0","curl-7_58_0","curl-7_59_0","curl-7_60_0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"17.10"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-0500.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}